cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
429
Views
0
Helpful
1
Replies
Highlighted
Beginner

port security action on 3750 - requesting new feature maybe :)

Hi, I was wondering if there is a workaround to have a mac access-list bond to a port security violation action

our need is the following: we have a range of 10 mac addresses that can use any port on the 3750, we only want to allow those ones yet we also need to tak action if a denied mac appears on any port of the switch.

the only work around I found is to basically go into a port-rage mode and list all the allowed mac addresses under all the ports of the switch. I would also add to that a port violation action. did not test it but should work. problem is, it would be a huge config.

I did read that we can create a mac access list and then bind that mac to physical ports wich will actually simplify our solution yet I did not find a way to bind the mac list with a port violation action.

thanks for the feedback             

1 REPLY 1
Highlighted
Beginner

As you said you can do this by using port-security with default action shutdown, by allowing specfic 10 mac-addresses per port or if shutting the port is not neccessary then by simply using VLAN filter by calling vlan access-maps which will allow only those 10 mac addresses to communicate on that VLAN and silently drop other hosts.

Thanks,

Nandan Mathure